WebCitz Blog


Joomla 1.5 Website Owners – Hacked Website?

There has been a lot of talk as of late about hosting companies discontinuing service to Joomla 1.5.26 website customers. The primary reason pertains to a security exploit that is widely known to allow unauthorized file uploads to a Joomla 1.5.x website installation. If an attacker – human or bot – is able to upload a file to your hosting account then you pretty much lost almost all of your defenses. Through a single uploaded file, if properly coded – the attack would be able to copy, export, delete or modify any or all elements of your files, images, databases, emails, etc. It essentially opens your hosting account and your website to any attack the infiltrator would like to carry out, ranging from defacing your website to sending massive amounts of spam to setting up a phishing website or distributing malware.

For a hosting company, having a customer in this situation is a nightmare. Why? Because web hosting customers typically either have no clue they are using Joomla, they don’t know why they aren’t using the latest version of Joomla, they don’t understand that upgrading Joomla isn’t as quick as clicking a button, they don’t understand why their website was attacked, they want you to complete paperwork for law enforcement to “go after” the attacker, they want to know how the server was left so vulnerable that their website was attacked, they want you to drop everything that very moment to restore a backup or remedy the situation on the spot. In reality, the web hosting company isn’t typically responsible for the software on your hosting account, they aren’t responsible for fixing your website and if they do restore a backup of your website to the previous day the attack will just happen all over again.

For those website owners that just get flustered immediately upon any issue, we recommend you take a few breaths and think through your options. The first option is to work with your website developer, a new website developer or your hosting company to see what you can do to get your website running normally again. This might include restoring a website backup, removing malware or other remedies depending on the attack(s) deployed. The second step will be to temporarily secure your outdated Joomla installation – this can be done by using Anything Digital’s 31626 security patch that helps remedy the unauthorized file upload security vulnerability. The third step will be to make a decision to upgrade to the latest version of Joomla, which would be Joomla 2.5.17 or 3.2.1 as of January 22, 2014.

Having gone through this, you might be asking if moving away from Joomla is a better decision. Maybe you have friends or family that have setup a website using WordPress or Drupal. The answer we would recommend is to stay with the content management system that works best for your specific requirements and that you have existing experience using. If your car window is smashed and someone steals everything in your car, do you opt to buy your next car from a different manufacturer? No – that is not the logical conclusion. There isn’t a single website or application available for web access that isn’t vulnerable to attacks, just like there isn’t a safe or lock in the world that can’t be picked. The best defense is preparation.

If you need help installing the Joomla 1.5.26 security patch from Anything Digital, upgrading your Joomla 1.5.26 website to Joomla 2.5 or 3.x, or just help in general getting more awareness of what is going on with your website please contact WebCitz by phone at 800-796-8263 or through email by clicking here.